Scanning Cloud Hosted WordPress application images:
ubuntu@thedatabasengineer-1:~$ sudo docker run –rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy nginx:1.15.12-alpine
2022-01-21T21:10:34.894Z WARN The root command will be removed. Please migrate to ‘trivy image’ command. See https://github.com/aquasecurity/trivy/discussions/1515
2022-01-21T21:10:34.910Z INFO Detected OS: alpine
2022-01-21T21:10:34.910Z INFO Detecting Alpine vulnerabilities…
2022-01-21T21:10:34.913Z INFO Number of language-specific files: 0
2022-01-21T21:10:34.913Z WARN This OS version is no longer supported by the distribution: alpine 3.9.4
2022-01-21T21:10:34.914Z WARN The vulnerability detection may be insufficient because security updates are not provided
nginx:1.15.12-alpine (alpine 3.9.4)
===================================
Total: 38 (UNKNOWN: 0, LOW: 4, MEDIUM: 20, HIGH: 11, CRITICAL: 3)
Analyze the report and fix CVEs:
Update nginx:1.15.12-alpine to nginx:stable-alpine in Dockerfile.
ubuntu@thedatabasengineer-1:~/wordpress$ sudo docker-compose up -d –force-recreate –no-deps webserver
ubuntu@thedatabasengineer-1:~/wordpress$ sudo docker run –rm -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy nginx:stable-alpine
2022-01-21T21:40:40.627Z WARN The root command will be removed. Please migrate to ‘trivy image’ command. See https://github.com/aquasecurity/trivy/discussions/1515
2022-01-21T21:40:41.000Z INFO Detected OS: alpine
2022-01-21T21:40:41.001Z INFO Detecting Alpine vulnerabilities…
2022-01-21T21:40:41.003Z INFO Number of language-specific files: 0
nginx:stable-alpine (alpine 3.14.3)
===================================
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
Verify Image inside container:
ubuntu@thedatabasengineer-1:~/wordpress$ sudo docker inspect webserver |grep -i image |tail -1
“Image”: “nginx:stable-alpine”,
Remove old image:
sudo docker rmi nginx:1.15.12-alpine
Verify WordPress Application
Average Rating